CVE-2015-5382

Published: May 23, 2017

Modified: Aug 6, 2024

PUBLISHED

Description

program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via the _alt parameter when uploading a vCard.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20150706 Re: CVE request for vulnerabilities fixed in roundcubemail 1.1.2 and 1.0.6

mailing-list

x_refsource_MLIST

https://github.com/roundcube/roundcubemail/commit/e84fafcec22e7b460db03248dc23ed6b053b15c9

x_refsource_CONFIRM

https://github.com/roundcube/roundcubemail/commit/6ccd4c54bcc4cb77365defabe8bbe7d10b2620d4

x_refsource_CONFIRM

https://github.com/roundcube/roundcubemail/issues/4817

x_refsource_CONFIRM

https://roundcube.net/news/2015/06/05/updates-1.1.2-and-1.0.6-released

x_refsource_CONFIRM

[oss-security] 20150707 Re: CVE request for vulnerabilities fixed in roundcubemail 1.1.2 and 1.0.6

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2015-5382

Description

Affected Products

References